Code Written with AI Assistants Is Less Secure
Interesting research: "Do Users Write More Insecure Code with AI Assistants?": Abstract: We conduct the first large-scale user study examining how users interact with an AI Code assistant to solve a variety of security related tasks across different programming languages. Overall, we find that...
Array is push()ed but not pop()ed, and is iterated over
Lines of code: 96, 485 https://github.com/Tapioca-DAO/ta...
accrueConcentratedPositionTimeWeightedLiquidity may revert under special situations
Lines of code. Vulnerability details. Impact: LiquidityMining.accrueConcentratedPositionTimeWeightedLiquidity may unintentionally revert and cause transactions to fail. Proof of Concept: The LiquidityMining.accrueConcentratedPositionTimeWeightedLiquidity function calculates the concentrated...
Exploit for PHP External Variable Modification in Juniper Junos
CVE-2023-36844 - The "Remote Code Execution in Juniper JunOS...
Mozilla Thunderbird < 115.2
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-38 advisory. - Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs...
Introducing AI-guided Remediation for IaC Security / KICS
While the use of Infrastructure as Code (IaC) has gained significant popularity as organizations embrace cloud computing and DevOps practices, the speed and flexibility that IaC provides can also introduce the potential for misconfigurations and security vulnerabilities. IaC allows organizations to...
The Rising Threat of Secrets Sprawl and the Need for Action
The most precious asset in today's information age is the secret safeguarded under lock and key. Regrettably, maintaining secrets has become increasingly challenging, as highlighted by the 2023 State of Secrets Sprawl report, the largest analysis of public GitHub activity. The report shows a 67%...
GitHub Extends Push Protection to Prevent Accidental Leaks of Keys and Other Secrets
GitHub has announced the general availability of a new security feature called push protection, which aims to prevent developers from inadvertently leaking keys and other secrets in their code. The Microsoft-owned cloud-based repository hosting platform, which began testing the feature a year ago...
ChatGPT writes insecure code
Research by computer scientists associated with the Universite du Quebec in Canada has found that ChatGPT, OpenAI's popular chatbot, is prone to generating insecure code. "How Secure is Code Generated by ChatGPT?" is the work of Raphael Khoury, Anderson Avila, Jacob Brunelle, and Baba Mamadou...
MAL-2023-7303 Malicious code in tposintadget (PyPI)
Source: checkmarx 09d7c9df1859042d6bf492ed412327a819ba78649e3175f7c9f05953d096b30c. EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
CVE-2022-45479
PC Keyboard allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H...
Akeyless Empowers Enterprise Code Security with Comprehensive Secrets Management
By Waqas. Meet Akeyless, a secure identity and access management platform that helps organizations manage user identities, passwords, and access control. This is a post from HackRead.com. Read the original post: Akeyless Empowers Enterprise Code Security with Comprehensive Secrets Management...
Library exclusively intended to obfuscate code.
This crate allows you to write safe functions with unsafe bodies without the unsafe keyword. The value this adds is questionable, and hides unsafe usages from naive analysis...
EUVD-2021-30770
Visual Studio Code Spoofing Vulnerability...
Code Security Advent Calendar 2021
We are happy to announce our sixth consecutive Code Security Advent Calendar! Born at RIPS in 2016, each calendar comprises 24 little code puzzles containing hidden security vulnerabilities that wait to be spotted. This is our way to share good vibes with the community while learning and having f...
Meet the new project experience for SonarCloud
We are very pleased to announce that we have released a new project experience. It’s now available in SonarCloud for all users. You’ll notice a few improvements the next time you open SonarCloud. We’re going to tell you more about what this makeover is about in this article. You may be wondering...
All Vulnerabilities for hkmu.edu.hk Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: hkmu.edu.hk. Open Bug Bounty...
Launching ‘Secret Detection’ to keep your Cloud ‘Secrets’ safe
Most digital applications we work on require some type of credentials: a username/password to connect to a database, authorized tokens to access computer programs, or API keys to invoke services for authentication. Credentials, a.k.a. ‘Secrets’, are pieces of user or system level...
Know where your project stands with the new project overview!
In late April, I introduced the new project experience for SonarCloud, which has already been adopted by a lot of you. Today, we’re adding a brand new project overview page! We can’t wait for you to try it! Let’s discover what’s inside in this blog. Your project status & activity all in one place...
Manage Open Source Code Security Risks
Open source code is in the vast majority of commercial software today. Learn best practices to mitigate the unique risks that accompany its use...